[kernel] r20083 - in dists/wheezy-security/linux/debian: . patches patches/bugfix/all
Dann Frazier
dannf at alioth.debian.org
Tue May 14 18:13:36 UTC 2013
Author: dannf
Date: Tue May 14 18:13:35 2013
New Revision: 20083
Log:
perf: Treat attr.config as u64 in perf_swevent_init() (CVE-2013-2094)
Added:
dists/wheezy-security/linux/debian/patches/bugfix/all/perf-Treat-attr.config-as-u64-in-perf_swevent_init.patch
Modified:
dists/wheezy-security/linux/debian/changelog
dists/wheezy-security/linux/debian/patches/series
Modified: dists/wheezy-security/linux/debian/changelog
==============================================================================
--- dists/wheezy-security/linux/debian/changelog Tue May 14 17:36:03 2013 (r20082)
+++ dists/wheezy-security/linux/debian/changelog Tue May 14 18:13:35 2013 (r20083)
@@ -1,3 +1,9 @@
+linux (3.2.41-2+deb7u1) UNRELEASED; urgency=high
+
+ * perf: Treat attr.config as u64 in perf_swevent_init() (CVE-2013-2094)
+
+ -- dann frazier <dannf at debian.org> Tue, 14 May 2013 11:48:39 -0600
+
linux (3.2.41-2) unstable; urgency=low
* [ia64] udeb: Remove efi-modules package; make kernel-image provide
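Review bot: The new 3.2.41-2+deb7u1 stanza identifies the fix only by subject line and CVE number; adding the upstream commit id that the patch header carries (8176cced706b5e5d15887584150764894e94e02f) would let someone auditing the security upload trace the entry to the exact upstream change without opening the patch file. The distribution field is still UNRELEASED while the tree path is wheezy-security, so it needs to be set before upload.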
Added: dists/wheezy-security/linux/debian/patches/bugfix/all/perf-Treat-attr.config-as-u64-in-perf_swevent_init.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-security/linux/debian/patches/bugfix/all/perf-Treat-attr.config-as-u64-in-perf_swevent_init.patch Tue May 14 18:13:35 2013 (r20083)
@@ -0,0 +1,39 @@
+From 3fc8fc1cc2d585c1f695f7de914063258aafe50e Mon Sep 17 00:00:00 2001
+From: Tommi Rantala <tt.rantala at gmail.com>
+Date: Sat, 13 Apr 2013 19:49:14 +0000
+Subject: perf: Treat attr.config as u64 in perf_swevent_init()
+
+commit 8176cced706b5e5d15887584150764894e94e02f upstream.
+
+Trinity discovered that we fail to check all 64 bits of
+attr.config passed by user space, resulting to out-of-bounds
+access of the perf_swevent_enabled array in
+sw_perf_event_destroy().
+
+Introduced in commit b0a873ebb ("perf: Register PMU
+implementations").
+
+Signed-off-by: Tommi Rantala <tt.rantala at gmail.com>
+Cc: Peter Zijlstra <a.p.zijlstra at chello.nl>
+Cc: davej at redhat.com
+Cc: Paul Mackerras <paulus at samba.org>
+Cc: Arnaldo Carvalho de Melo <acme at ghostprotocols.net>
+Link: http://lkml.kernel.org/r/1365882554-30259-1-git-send-email-tt.rantala@gmail.com
+Signed-off-by: Ingo Molnar <mingo at kernel.org>
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index d23dfa7..9f21915 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -5164,7 +5164,7 @@ static void sw_perf_event_destroy(struct perf_event *event)
+
+ static int perf_swevent_init(struct perf_event *event)
+ {
+- int event_id = event->attr.config;
++ u64 event_id = event->attr.config;
+
+ if (event->attr.type != PERF_TYPE_SOFTWARE)
+ return -ENOENT;
+--
+cgit v0.9.1
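Review bot: In perf_swevent_init(), changing the declaration to `u64 event_id = event->attr.config;` is only sufficient if every later use of event_id in the function is correct for an unsigned 64-bit value, and none of those uses appear in the visible context of this hunk. The commit message says not all 64 bits of the user-supplied attr.config were checked and places the resulting out-of-bounds access on perf_swevent_enabled in sw_perf_event_destroy(), but it does not spell out the mechanism: the old `int event_id` truncated the value to a signed int, so the value validated in init could differ from the one used later. Stating that in the message would help backporters judge older trees. It is also worth confirming that nothing further down in the function (a signed comparison or a format string) assumed int, and considering a range check against the array size at the destroy site, which this patch leaves untouched.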
Modified: dists/wheezy-security/linux/debian/patches/series
==============================================================================
--- dists/wheezy-security/linux/debian/patches/series Tue May 14 17:36:03 2013 (r20082)
+++ dists/wheezy-security/linux/debian/patches/series Tue May 14 18:13:35 2013 (r20083)
@@ -639,3 +639,4 @@
bugfix/x86/KVM-x86-fix-for-buffer-overflow-in-handling-of-MSR_K.patch
bugfix/x86/KVM-x86-Convert-MSR_KVM_SYSTEM_TIME-to-use-gfn_to_hv.patch
bugfix/all/KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch
+bugfix/all/perf-Treat-attr.config-as-u64-in-perf_swevent_init.patch